Past Presentations

Featured Presentation Slides

If the mobile devices that everyone uses for day-to-day collaboration have no integrity, what does that mean for all of the data that is flowing to/from those mobile applications? Join mobile security expert Aaron Turner for an in-depth look at the state of mobile technology, the easily-exploitable vulnerabilities that he and his team have discovered in iOS, Android, MDM, MAM and EMM platforms. He will also share insights from his latest research and development project, Hotshot, which is designed to overcome these problems.

Ken will cover DRP (Disaster Recovery Planning) as seen through his decade of Security Operations Center experience. Topics will include disaster scenarios, how to prepare, and how to respond during an event.

One of the most important aspects of IT security is identity management. Controlling who has access to what, when and where is harder than ever as traditional perimeter boundaries soften and employee turnover increases. Single sign-on, LDAP, meta-directories, virtual directories, automated provisioning/de-provisioning of user accounts and privileges and role management all contribute to a larger solution whose importance continues to increase in the face of rising threats and stepped up regulatory requirements. This session will introduce the various components needed to cover identity and access management across the organization, present alternative architectural approaches and discuss some of the hot topics in this increasingly important space.

Ron Dilley is a leading information security practitioner and thought leader with more than two decades of experience building and implementing information security practices for global companies, overseeing and revitalizing infosec teams and advising on mergers, acquisitions and divestitures from an infosec perspective. In the constantly changing infosec landscape, Ron is dedicated to staying abreast and ahead of current and emerging threats across all relevant technologies.

Physical Security for Infosec Pros (Breaking and Entering 101) – Bobby Kuzma, Nov 2017
You’ve probably heard the old adage “If I can touch it, it’s not your computer anymore?” Join Core Security’s Bobby Kuzma as he dives into the myriad ways that the oldest security disciplines can be turned against modern networks. We’ll cover locks, access control systems (keypad, proximity, and biometric), sensors, cameras, and other entry techniques. For the more research minded, we’ll even explore how to find the information on the magic keys that open all the doors for first responders, too. This talk is also known as “Breaking and Entering [with permission] 101”.

Leveraging Behavioral Analytics in APT Detection – Shankar Subramaniam, Sep 2017
Known malware can be detected by understanding their signatures and crafting rules to detect them. Detecting Advanced Persistent Threats (APT) and zero-day attacks requires a different approach. This talk showcases how machine learning based behavioral analytics can be leveraged.

Exploring Different Approaches to Penetration Testing – Cara Marie, Aug 2017
Assessing and reducing an organization’s external attack surface is a key first step in developing a mature security program. But like any engineering challenge, the key is choosing the right tool for the job. How can your organization define the right scope and approach to securing their external infrastructure? This talk will give you the perspective of a professional pentester, and outline what key questions and criteria to use when tailoring a netpen to meet your needs. Before spending security funds on the latest trend in ‘Red-teaming’, we’ll help you make sure it’s the right fit for you.

After more than a decade performing vulnerability assessments and penetration tests on web applications on all kinds of systems, I reached the point where I can step back and look at the big picture.

This presentation is about web application vulnerability trends over the last ten years and how the industry has reacted to them. You will also learn about the most common vulnerabilities found in today’s systems and more importantly, why we still find them in 2017. I will conclude the presentation by identifying effective safeguards against those current vulnerabilities.

As security professionals, almost every action we take comes down to making a risk-based decision. Web application vulnerabilities, malware infections, physical vulnerabilities, and much more all boil down to some combination of the likelihood of an event happening and the impact of that event. Risk management is a relatively simple concept to grasp, but the place where many practitioners fall down is in the tool set.

LA Summit9 – Universal Hilton, May 2017
Check back soon for the presentation from Summit 9…

Hillbilly BBQ: Your rail networks – Chris Roberts, Apr 2017
Your rail networks put to use to facilitate OUR party…
This presentation took longer to put together than it took to hack into most of your railroad systems.

Detecting and Preventing the Adversary – Michael Haag, Mar 2017
It’s 2017 and we still hear organizations falling to ransomware and worse yet – nation state threat actors. Hundreds of products are produced each year that promise to prevent the “bad guys” before execution while using “math”, AI and machine learning. The truth is you don’t need all this unicorn technology to solve the problem. In this session, Red Canary Director of Advanced Threat Detection & Research Mike Haag walks you through multiple methods to build your defenses like a Fortune 50 on a shoestring budget. You will learn advanced methods to prevent attackers or require the attacker to make enough noise to be obvious.

Third-Party Breaches – Harry Wan, Nov 2016
In a significant number of reported breaches, attackers continually wage successful campaigns that target and then leverage suppliers or third parties as vectors. This talk will explore a few of these breaches in depth, as well as best practices and processes to mitigate the threats. Although many of the best practices will no doubt be familiar to a seasoned security practitioner, some elements involve teaming with other parts of the business. We will help you to identify these internal partners while discussing how to build a successful vendor cyber risk management program. The points explored in this talk should prove extremely valuable to businesses of all sizes and their service providers alike.

DDoS is coming, are you prepared? – Tin Zaw, Oct 2016
DDoS attacks and other security threats are not a matter of if, but a matter of when. Cyber extortion schemes like DDoS-for-Bitcoin ransoms are becoming increasingly popular, and leave businesses with the difficult decision of whether to give in to attackers’ demands or risk becoming inaccessible during peak shopping days. This talk will examine a real case in which a Fortune 500 client faced a massive Bitcoin extortion attack during their peak online shopping season and how their web properties were protected.

Feedback Security – Mark Hillick, Sep 2016 (Contact Presenter for slides)
In his talk, with a focus on Infrastructure Security, Mark will be discussing how the team has developed a security culture based on feedback. He will explain:
• Challenges faced and what gaps were identified
• How the team works with the Riot feedback culture to close those gaps, including examples 🙂
• What the team has learned
• The future level-up

Why Motive Matters – Jamison Utter, Aug 2016 (Slides Coming Soon!!)
During this presentation we will dive into why the criminal underworld exists and thrives. We will examine the process for funding and building malware campaigns, drawing on unique research and insider perspective. And with new insights into motivation, we will explore ways to apply that to improve our security thinking and practices.

– Malcolm Harkins, Jul 2016 (Slides Coming Soon!!)

Incident Response Investigation Stories – Will Matson and Jay Taylor, Apr 2016 (Slides Coming Soon!!)
Two consultants from FireEye’s consulting practice, Mandiant, will be sharing incident response investigation stories – their focus being two investigations during which they discovered the advanced threat actors using Master Boot Record (MBR) and Volume Boot Record (VBR) bootkits to persist their backdoor malware. They will be sharing investigation and malware details, their approach for discovering and recovering the bootkit malware, as well as some preventative measures related to bootkits.

The Future of Data Loss Prevention – Jeremy Wittkop, Mar 2016 (Slides Coming Soon!!)
Cybersecurity is at a crossroads. Our perimeter castle walls are no longer sufficient to protect against the rapidly evolving cyber threats of today’s global environment. While technologies such as Data Loss Prevention (DLP) and Security Incident and Event Management (SIEM) are experiencing resurgence among cyber security professionals, the quest to successfully prevent data loss is still a work in progress.
Participants will gain a fresh look at DLP challenges and solutions including:
• The current state of data loss prevention best practices
• Using Identity and Access Management (IAM) as foundational tools to build more proactive cyber security programs
• What a proactive cyber security program should look like, leveraging today’s security technologies to achieve Predictive Analytics
• The next big step in cybersecurity – Behavioral Analytics

Securing our Future: Lessons From the Human Immune System – Gavin Hill, Feb 2016
All signs point to a future world of more complex, harder to detect cyber threats. Our adversaries are exploiting what seems to be our strengths. Intel predicts the next big hacker marketplace to be in the sale of digital certificates already selling for more than $1000 each on Russian marketplaces. Gartner expects 50% of network attacks to use encrypted SSL/TLS in less than 2 years. What’s to do? The human immune system has evolved to defend and destroy complex and oftentimes overwhelming attacks. What can we learn from it? How can we create a future that’s more resistant as we use more software, more clouds, more apps, and more connected devices?

Encryption Best Practices – Ron Stamboly, Jan 2016 (Slides Coming Soon!!)
From the Encryption Best Practices Presentation you will learn:
• The history of Encryption
• How Encryption is deployed in the Enterprise
• Best Practices for Encryption and Key Management that can be applied today

OAuth 2.0: Where are we going? – Jim Manico, Dec 2015
OAuth is a new kind of security protocol. It’s used for delegating various features from one service to another on behalf of your users. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or for access control in your applications. Even more confusing, OAuth is not a standard and various service providers will likely have different implementations. Let’s say it again, OAuth is not a standard – it’s a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion? These questions and more will be answered in this talk!

Man in the Cloud (MITC) attack Demonstration – Mr. Shan Zhou, Nov 2015 (Slides Coming Soon!!)
In our hacker intelligence report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as Google Drive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures. Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild.

Stealthy Social Engineering Demo – Caesar Sedek, Brian H. Lee, Ying Yang, Avishkar Nikum, Yousef Ismail, Eric Pittman, Oct 2015 (Slides Coming Soon!!)
Organizations are strengthening their cybersecurity programs and, in response, hackers are beginning to innovate the ways they gain unauthorized access to corporate systems. Modern attacks that successfully breach the perimeter also usually create a persistent connection so that the hacker can come back to the compromised system at a later time. Furthermore, these attacks usually run in memory, making them difficult to find, identify and analyze. The common vulnerability that continues to be exploited to gain a foothold is the human. People are often the weakest link and even an educated and “security aware” user may be the easiest vector for a hacker to gain unauthorized access. This concept cannot be illustrated by a simple PowerPoint presentation. The live demonstration by PwC’s top penetration testing team will show detailed exploits that hackers can use when a user unknowingly opens a malicious email attachment and how current Anti-Virus methods do very little to prevent it. After the demo, the PwC team will show commonly misconfigured security controls that could have prevented such an attack.

Enterprise Cybersecurity: Building an Effective Defense – Scott Donaldson; Chris K. Williams; Abdul Aslam, Sept 2015

Safely Enabling Office 365 – Seth Hammerman, Aug 2015 (Slides Coming Soon!!)
Microsoft Office 365 is experiencing rapid adoption within enterprises. With as many as 25 percent of Microsoft customers, and an array of services such as Exchange, SharePoint, Lync, Office Web Apps, OneDrive, and Yammer, the suite has become increasingly robust and attractive. For many companies, this will be their first key move in their journey to the Cloud. This presents a significant opportunity for companies to streamline and economize by shifting to the Cloud, but it also presents significant challenges in terms of Policy and Access Control, Data Governance, and Risk Mitigation. For example, users with unfettered access to all data from Microsoft OneDrive on any device present a significant security challenge, especially for the Financial and Healthcare verticals.

Practical Guide to Assessing Password Alternatives – Jerome Becquart; Terry Gold, July 2015 (Slides Coming Soon!!)
In the majority of high profile breaches, attackers use methods that exploit password-based credentials. These range from the point at which an attacker can gain entry as a normal user to later elevating privileged user accounts. Identity industry veterans, Jerome Becquart and Terry Gold will provide a unique viewpoint of strong identity evolution practices spanning one-time passwords in the 90’s, through their time developing and deploying the first large scale government identity program (Department of Defense Common Access Card, “CAC”) to the modern-day landscape of choices.

Information Assurance Lessons Learned from Engineering – Vern Williams, June 2015
Information Assurance as a field is a relative newcomer to the professions. So, what can we learn from those who have come before us? Engineering as a discipline keeps our bridges supporting traffic and our missions to space safe, unless they don’t. What can we, as security professionals, learn from the lessons that have been learned the hard way by others in this world? We will look at several engineering disasters and take lessons from what went wrong and what was done to correct the root causes of the disaster.

72hrs of Incident Response – Ken Scott, May 2015
Ken will discuss the life cycle of a Network Security Incident, steps to organize, communication, and how to respond as an organization. Ken will also discuss the most recent DDoS attacks and defense methods.

Securing Sensitive Data: A Strange Game – Jeff Elliot, April 2015
Information security compliance regulations like PCI, HIPAA, SB1386 have been around for many years now, but we continue to suffer large data breaches. In this talk, an experienced PCI QSA will discuss why even the best efforts at compliance fail to prevent breaches, provide examples from the field of what goes wrong despite these best efforts, and how to win by not playing – by getting the sensitive data the thieves want out of your environment.

Not Your Father’s Remediation – Wendi Rafferty and Chris Scott, March 2015
Today’s incident response team can’t just rely on having a whole weekend to remediate. You’ve also got to be able to start frustrating the attacker earlier and earlier in the response. Suppose an advanced attacker had figured out how to reliably evade your boxes, your endpoint software, your DLP. And he’s using your credentials against you. Could you find and frustrate him? Or would you pour a steaming cup of fail in your own lap? In this course, you’ll learn a few ways that hunters lock down authentication credentials during a hot incident, when we’re engaging in a running firefight with the adversary on your own network. We’ll show you the tactics and when to apply them. Attendees will learn how to conduct adversary-based hunting operations using existing technology; improve authentication credential protection during live IR and prepare for adversary evolution. And yeah, we’ll use tactics from current incidents we responded to.

Who Are the Bad Guys? – David Perry, February 2015
There is more than one kind of miscreant out there these days. More than one kind of crime. Everything from amateur jokesters to acts of war, and, to quote Al Jolson, you ain’t seen nothing yet! I have divided the categories of cyber actors (only I don’t like to call them actors because, as a SAG card carrying actor in my own right I don’t like to debase that term) so let’s call them Perpetrators, okay? Six kinds of perpetrators. This basically covers what we face today, and these six kinds use different tactics, have different goals, create different kinds of problems. They are all bad guys, but some of them are on our team, or claim to be. This will take the confusion you face today and make it terrifying. I promise.

Current Status of Information Security & Breach Events – Demetrios Lazarikos (Laz), January 2015
Over the past year Demetrios Lazarikos (Laz) has had the opportunity to meet with hundreds of executives about the current status of Information Security and breach events. The information he’s gathered is represented through multiple verticals – the quick summary – everyone is feeling the breach effects from the past 12 months.
Laz will discuss:
– Metrics gathered during the past 12 months
– How we got here with the evolution of technology
– Options in how to address and solve these complex issues
– Selling and communicating to the C-Suite

Applying Security Intelligence – Ira Winkler, December 2014
Ira Winkler, President of ISSA International, surprised us by attending our Annual Holiday Party! He gave a talk on security intelligence.

ISSA-LA Community Outreach Year in Review – Stan Stahl, December 2014
Stan Stahl, President of ISSA Los Angeles Chapter, presented our 2014 accomplishments and thanked our volunteers and members. He also talked about the year ahead, and the ISSA LA Seventh Security Summit at the LA Convention Center.

Advanced Security Tips for End Users – Cassio Goldschmidt, November 2014
When it comes to tips on how end users can protect themselves from phishing, malicious websites and trojans, security professionals sometimes sound like a broken record regurgitating the same old advice. Today’s end users are more tech savvy and deserve to know more. The talk is about how to surf safely on the web and perform some basic level of analysis of suspicious files, phishing and how to achieve superior protection against zero days or evil twins. If you like LifeHacker style tips, this talk is for you.

Securing the Internet of Things (IoT) – Ying Yang & Caesar Sedek, October 2014
The Internet of Things is a concept that has been gaining momentum in the technological world, as innovative organizations are merging the physical and digital realms and bringing smarter, more connected products and experiences to their customers. Leveraging machine-to-machine (M2M) technologies such as GPS and RFID, the IoT will transform and revolutionize the way we live and do business. However, with increased integrated connectivity among devices comes greater security and data privacy challenges and risks. In this presentation, we will provide an overview of the IoT (concept, trends and vendors) as well as discuss the current and future risks and controls to mitigate them.

Securing the SDLC in the real world – Jim Manico, September 2014
The earlier you address security in the engineering of software, the less expensive it will be for your organization. There are many who will tell you that you need to change all of your current processes around building software so it is more secure. Many of those forces are consultants charging high rates to help you deeply modify what you are doing today. This talk will take the opposite approach. How can you add a few reasonable and mostly lightweight processes to how you build software today to make it more secure? Software development is like driving a boat. You need to look ahead and make small changes to steer effectively.

Solid Defense Strategies – Kevin Cardwell, August 2014
In this presentation Kevin will discuss the importance of developing robust ingress and egress filtering to mitigate the threat of sophisticated malware. He will discuss the essential steps you need to take to defend from the majority of the known attacks. He will also show the challenge and importance of analyzing your systems’ live memory. The talk will conclude with the importance of adding hardware based protection to your defenses. While there is no such thing as perfect security, deploying these tactics will make you a hard target.

IT security risk has exploded exponentially. What does this mean to your business and for global, local, IT and security? What is enterprise risk management and how does it apply to security and your business? How much security is enough? Find out what matters most to executive staff, where opportunities and trends lie, and what you can do today.

Breaking the Lifecycle of the Modern Threat – Santiago Polo, April 2012
Network attacks are becoming both more sophisticated and more common, with all types of enterprises and all types of information being targeted by attackers. In this presentation we will shine light on the lifecycle of a modern network attack to understand how the threat landscape has changed and what is required from us as security professionals to protect our networks and users today.

Pulp Google Hacking – Francis Brown, February 2012
Last year’s Lord of the Bing presentation stabbed Google Hacking in the heart with a syringe full of adrenaline and injected life back into a dying art form. New attack tools and modern defensive techniques redefined the way people thought about Google Hacking. Among these were the first ever Bing Hacking tool and the Google/Bing Hacking Alert RSS feeds, which have grown to become the world’s single largest repository of live vulnerabilities on the web. And it was only the beginning…
View Slides»

Securing the SDLC – Jerry Hoff, January 2012
There are multiple documents, methodologies and schools of thought for adding security activities to each step of the SDLC. In this presentation we will go through several of the more popular methodologies and discuss advantages / disadvantages of each. We will also discuss challenges and resistance of trying to add security to an entrenched development process.
View Slides»

Beyond Signatures & DPI – Tomás Byrnes, July 2011
The current threat landscape is characterized by a growing number of attacks of increasing sophistication and criminal intent. Today’s IT security professionals understand that safeguarding corporate data and assets requires a multi-layered approach. Join Tom Byrnes, industry expert and CEO of ThreatSTOP as he shares best practices in layered security, how to protect against botnets and Advanced Persistent Threats, and the impact of IPv6 on your security infrastructure. View Slides»

Stuxnet – Attack on Critical Infrastructure – Liam O Murchu, March 2011
Stuxnet is the first threat we have seen that is capable of changing how physical machinery can operate. This automatically places the worm in a completely new category of threats. The fact that its suspected target was a Uranium enrichment facility in Iran only adds to its novelty. These and other aspects of Stuxnet make it stand out as a ground breaking project and are the topics for discussion in this talk. As well as discussing what makes Stuxnet so unusual, recently released information about the way that Stuxnet spread from computer to computer will also be shown. This information highlights how well Stuxnet actually performed in the real world, not just the theoretical capabilities of the threat. The implications on security procedures that Stuxnet has raised will also be presented. View Slides»

Anatomy of an APT Attack – David Nardoni & Jeff Dye, February 2011
The news is seemingly wrought with stories of network and data breaches. Buzzwords abound at a dizzying pace: viruses, malware, and botnets oh my! Then we learn of something a bit more nefarious; the Advanced Persistent Threat (APT). In our discussion, we will explore APT attacks from the incident responder’s point of view. We will discuss examples of how the attacks are carried out, and which containment and remediation actions are effective and which are not. The goal is to provide you, the First Responder, with some basic guidelines, tips, and techniques on dealing with APT events. View Slides»

Mobile Application Security – Dr. Eugene Schultz, January 2011
The user computing environment has changed considerably over the last decade. Mobile computing devices such as laptop computers, smartphones, Bluetooth devices, and personal data assistants (PDAs) are now routinely used not only by “road warriors,” but also by other employees and contractors both within and outside of the traditional workplace. Mobility creates many security-related risks (physical theft, eavesdropping in wireless environments, viruses and worms, anonymous connections, unauthorized connections to mobile devices through exploitation of vulnerabilities, and more), many or most of which are typically not adequately understood, let alone addressed. The fact that business-critical information is often stored on these devices further exacerbates these risks; the fact that mobile applications that commonly run on these devices have generally been written without much if any consideration of security proliferates risk even more. Worse yet, information and knowledge concerning mobile applications are scarce. Even fewer people know virtually anything about mobile application security, resulting in these applications running in what is almost always an insecure “out-of-the-box” state. Additionally, iPhones must be “jailbroken” to run certain applications—the consequences for security are not good. This presentation concentrates on the functionality of a range of widely used mobile applications, vulnerabilities and risks associated with these applications, and possible security solutions, if they exist. View Slides»

Threat Modeling at Symantec – Edward Bonver, September 2010
Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we’ll take a look at why Threat Modeling is so important; we’ll explore the process behind it, and how the process is being implemented and followed across Symantec. View Slides»

Secure Coding Practices and Procedures – Mike O. Villegas, September 2010
Organizations process information over web applications that can often be classified as sensitive, confidential, or considered intellectual property. Web Application Firewalls (WAF) provide protection for business critical data and web applications with an automated and transparent approach to monitor and protect enterprise data as it is accessed and transacted through applications. To augment WAF filtering and vulnerability monitoring, many organizations have developed or outsourced secure code reviews and development. Information Security at Newegg established their own .NET C# secure coding standard, train and test our developers on secure coding, and do their own secure code reviews with WebInspect and manual code reviews. They started to develop a web application threat modeling approach but it is still in its infancy. This presentation focuses on the secure coding standard, satisfying PCI requirements for such, and training / testing of developers in secure coding practices using OWASP Top 10 Vulnerabilities as its foundation. View Slides»